Topic: Best practices for open sourcing your rails app and using git

* Use git as my version control
* Work in development branches and merge them into master
* Frequently push changes to a public, open source git repository (eg Github)
* Be able to deploy to Heroku

The problem:

By default, any secrets (eg "config/initializers/secret_token.rb") are present in my repository. Simply including them in .gitignore makes deploying to Heroku difficult, as Heroku needs to compile their slug from a branch of my git repository (and those secret files need to be present).

Looking at this link (http://groups.google.com/group/heroku/b 9204c70574), the solution is to include secret files in the .gitignore of the Master branch, and then create a Deploy branch that does not ignore secret files. You work in Master, and then when you're ready to deploy, you do the following:

git checkout deploy
git merge master
git push heroku deploy:master

This seems like an ok solution, but breaks when you want to work on a local server. Because your Master or Development/Topic branches do not include any secret files, running:

rails server

will produce the following error:

A secret is required to generate an integrity hash for cookie session data. Use config.secret_token = "some secret phrase of at least 30 characters"in config/application.rb

I can't just checkout the Deploy branch, because then I won't be able to edit code while the server is running.

So my solution for now is to have a Master branch that contains everything (plus other development branches) and then a Public branch created like so:

Re: Best practices for open sourcing your rails app and using git

I've handled secrets on Heroku using Heroku's config variables. This requires tweaking the Rails configuration code to read an environment variable, and then setting the environment variable in production and development.

In the rails configuration:

config.secret_token = ENV['MYAPP_SECRET_TOKEN']

You could improve that by, for example, raising an exception if the environment variable is empty.

Then, to configure your Heroku app, run the heroku config command:

$ heroku config:set MYAPP_SECRET_TOKEN=some-random-secret

In a development environment, simply set the environment variable in your shell:

$ export MYAPP_SECRET_TOKEN=some-random-secret

If you have many variables, you might wish to save the export command(s) in a file that is gitignored and source it:

$ source secret_variables.sh

Since the secrets are never checked in anywhere, you eliminate the risk of accidentally merging them into the wrong branch.
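
The fail-fast check suggested in the reply above, written out as an added example that is not part of the original posts. The helper names, the placeholder list and the distinct-character check are assumptions; the 30-character minimum comes from the Rails error quoted in the first post.

```ruby
require 'securerandom'

# Minimum length Rails demands in the error message quoted in the first post.
SECRET_MIN_LENGTH = 30

# Placeholder values that must never be accepted (constructed list; the
# first entry is the sample value used in the commands above).
PLACEHOLDER_SECRETS = %w[some-random-secret changeme secret].freeze

class MissingSecretError < StandardError; end

# Read the secret from an environment-like object and fail closed.
# `env` defaults to ENV; passing a plain Hash makes the function testable.
# Error messages name the variable but never echo its value.
def fetch_secret_token(env = ENV, name = 'MYAPP_SECRET_TOKEN')
  value = env[name].to_s.strip
  raise MissingSecretError, "#{name} is not set" if value.empty?
  if PLACEHOLDER_SECRETS.include?(value)
    raise MissingSecretError, "#{name} is a placeholder value"
  end
  if value.length < SECRET_MIN_LENGTH
    raise MissingSecretError,
          "#{name} must be at least #{SECRET_MIN_LENGTH} characters"
  end
  # Crude guard against values like "aaaa...": assumption, not a Rails rule.
  if value.chars.uniq.length < 8
    raise MissingSecretError, "#{name} has too few distinct characters"
  end
  value
end

# Generate a value suitable for `heroku config:set` or the gitignored file.
def generate_secret_token
  SecureRandom.hex(64) # 128 hex characters from the OS CSPRNG
end

# In config/initializers/secret_token.rb (MyApp is a hypothetical app name):
#   MyApp::Application.config.secret_token = fetch_secret_token
```

With this in the initializer, a missing or weak variable stops the app at boot in every environment instead of surfacing later as a session error.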